punch
Advanced tools
Comparing version 0.5.40 to 0.5.41
@@ -15,3 +15,3 @@ { | ||
| ], | ||
| "version": "0.5.40", | ||
| "version": "0.5.41", | ||
| "homepage": "https://github.com/laktek/punch", | ||
@@ -31,3 +31,3 @@ "author": "Lakshan Perera <lakshan@web2media.net> (http://laktek.com)", | ||
| "coffee-script": ">= 1.5.0", | ||
| "connect": "laktek/connect", | ||
| "connect": ">= 2.12.0", | ||
| "cssmin": ">= 0.4.1", | ||
@@ -34,0 +34,0 @@ "fresh": ">= 0.1.0", |
Fixed alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Improved metrics
- Number of high supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-1.29%
1008367
- Number of package files
- decreased by-6.83%
150
Dependency changes
+ Addedconnect@3.7.0(transitive)
+ Addeddebug@2.6.9(transitive)
+ Addedee-first@1.1.1(transitive)
+ Addedencodeurl@1.0.2(transitive)
+ Addedescape-html@1.0.3(transitive)
+ Addedfinalhandler@1.1.2(transitive)
+ Addedon-finished@2.3.0(transitive)
+ Addedparseurl@1.3.3(transitive)
+ Addedstatuses@1.5.0(transitive)
+ Addedunpipe@1.0.0(transitive)
+ Addedutils-merge@1.0.1(transitive)
Updatedconnect@>= 2.12.0